| |
| |||||||
Log-Analyse und Auswertung: Hilfe: Avast hat Rootkit hidden files in WinSxS Ordner gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.01.2014, 02:30
| #1 |
| |  Hilfe: Avast hat Rootkit hidden files in WinSxS Ordner gefunden Hallo zusammen, während eines vollständigen System Scans hat Avast im Ordner WinSxS Rootkits gefunden. Ich habe mir einige infizierte Dateien rausgesucht und bei VirusTotal erneut überprüfen lassen. Dort wurden sie allerdings als nicht infiziert eingestuft. Ich habe dann in Avast erstmal alles ignoriert und erneut einen vollständigen System Scan dort gestartet. Komischerweise hat bei diesem zweiten Scan auch Avast keine Bedrohung mehr festgestellt. Ich bin jetzt verunsichert und würde mich über Hilfestellung freuen. Hier der Avast Log mit den Funden: Code:
ATTFilter * avast! Protokolldatei
* Diese Protokolldatei wurde automatisch erstellt
*
* Prüfungsname: Vollständige Überprüfung
* Start: Mittwoch, 15. Januar 2014 01:20:10
* VPS: 140114-1, 14.01.2014
*
C:\Windows\WinSxS\amd64_microsoft-windows-mfcore_31bf3856ad364e35_6.3.9600.16476_none_e1a3d8a62b1eb2ca\mfps.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\amd64_microsoft-windows-rastls_31bf3856ad364e35_6.3.9600.16475_none_5d2f5e152411e14e\rastlsext.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\amd64_microsoft-windows-s..l-bulkoperationhost_31bf3856ad364e35_6.3.9600.16477_none_9132981ce4574513\BulkOperationHost.exe [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\amd64_microsoft-windows-smspaceprovider_31bf3856ad364e35_6.3.9600.16483_none_c17ccf829341c0d9\smphost.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\amd64_microsoft-windows-systemeventsbroker_31bf3856ad364e35_6.3.9600.16474_none_b96a75b2116aaa1d\CSystemEventsBrokerClient.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\amd64_microsoft-windows-systemeventsbroker_31bf3856ad364e35_6.3.9600.16474_none_b96a75b2116aaa1d\EventAggregation.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.16456_none_a3fee49b3a43236c\FWPKCLNT.SYS [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.3.9600.16477_none_07431536fa996177\AcRes.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\wow64_microsoft-windows-com-base_31bf3856ad364e35_6.3.9600.16476_none_090e133a2ed35a96\wincorlib.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\wow64_microsoft-windows-com-base_31bf3856ad364e35_6.3.9600.16476_none_090e133a2ed35a96\WinTypes.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\wow64_microsoft-windows-mfcore_31bf3856ad364e35_6.3.9600.16476_none_ebf882f85f7f74c5\mfps.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\wow64_microsoft-windows-smspaceprovider_31bf3856ad364e35_6.3.9600.16483_none_cbd179d4c7a282d4\smphost.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.3.9600.16474_none_0cacf1f57fd1f6c3\TabTip32.exe [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\x86_microsoft-windows-rastls_31bf3856ad364e35_6.3.9600.16475_none_0110c2916bb47018\rastlsext.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\amd64_microsoft-windows-c..ted-immersiveviewer_31bf3856ad364e35_6.3.9600.16477_none_35e200a310c5a92e\Bing.Immersive.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\amd64_microsoft-windows-c..ted-immersiveviewer_31bf3856ad364e35_6.3.9600.16477_none_35e200a310c5a92e\Bing.Immersive.winmd [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.3.9600.16477_none_a0d1cff50dd960f4\AcWinRT.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.3.9600.16477_none_a0d2d03f0dd87a4b\AcSpecfc.dll [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\amd64_microsoft-windows-filemanager.appxmain_31bf3856ad364e35_6.3.9600.16477_none_e27ce93cf9e0adb8\FileManager.exe [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\amd64_microsoft-windows-filemanager.appxmain_31bf3856ad364e35_6.3.9600.16477_none_e27ce93cf9e0adb8\PhotosApp.exe [L] Rootkit: hidden file (0)
C:\Windows\WinSxS\amd64_microsoft-windows-filemanager.appxmain_31bf3856ad364e35_6.3.9600.16477_none_e27ce93cf9e0adb8\Telemetry.dll [L] Rootkit: hidden file (0)
C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Zugriff verweigert (5)
C:\Users\Michael\SkyDrive\Dokumente:ms-properties [E] Datei ist offline - sie ist aktuell nicht verfügbar. (42006)
C:\Users\Michael\SkyDrive:ms-properties [E] Datei ist offline - sie ist aktuell nicht verfügbar. (42006)
C:\swapfile.sys [E] Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird (32)
C:\hiberfil.sys [E] Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird (32)
C:\pagefile.sys [E] Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird (32)
\\?\Volume{84c11454-3b7c-11e3-824c-806e6f6e6963}\$Extend\$RmMetadata\$TxfLog\$Tops [E] Zugriff verweigert (5)
Infizierte Dateien: 21
Dateien gesamt: 343230
Ordner gesamt: 42418
Gesamtgröße: 200,2 GB
*
* Prüfung beendet: Mittwoch, 15. Januar 2014 01:30:29
* Laufzeit war 10 Minute(n), 10 Sekunde(n)
Geändert von Mihi (15.01.2014 um 02:40 Uhr) |
|
15.01.2014, 08:02
| #2 |
| /// the machine /// TB-Ausbilder    | Hilfe: Avast hat Rootkit hidden files in WinSxS Ordner gefunden hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
15.01.2014, 11:43
| #3 |
| | Hilfe: Avast hat Rootkit hidden files in WinSxS Ordner gefunden Hallo,
__________________danke, dass Du mir hilfst! Mir ist noch aufgefallen, dass während des Virenscans Windows Update neue Updates installiert hat. Kann es da ggf einen Zusammenhang geben? Hier die Log Files, profilaktisch auch der GMER Log, wie im Tutorial beschrieben: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by Michael (administrator) on MICHAEL on 15-01-2014 04:34:18
Running from C:\Users\Michael\Desktop
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link fo FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2012-08-16] (Dell Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Agile1pAgent] - C:\Program Files (x86)\1Password\Agile1pAgent.exe [2247952 2013-12-18] (AgileBits)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-23] (Google Inc.)
HKCU\...\Run: [Google+ Auto Backup] - C:\Users\Michael\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
MountPoints2: {fb96d755-4921-11e3-82b7-bc773712da1c} - "E:\HTC_Sync_Manager_PC.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: 1Password - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5w79pdzj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michael\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michael\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5w79pdzj.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2013-10-23]
FF Extension: Pocket - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5w79pdzj.default\Extensions\isreaditlater@ideashower.com [2013-10-23]
FF Extension: 1Password - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5w79pdzj.default\Extensions\onepassword@agilebits.com.xpi [2013-10-23]
FF Extension: NoScript - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5w79pdzj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-23]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5w79pdzj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-23]
FF Extension: BetterPrivacy - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5w79pdzj.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-10-23]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Apps Enhancements Plugin(By Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1106.433.2_0\plugin/ace.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Skype Web Plugin) - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Michael\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-23]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-10-23]
CHR Extension: (Google Cast) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.102.1.1_0 [2014-01-08]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0 [2014-01-09]
CHR Extension: (Send to Kindle for Google Chrome\u2122) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0 [2013-10-23]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-10-23]
CHR Extension: (Google+) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0 [2013-10-23]
CHR Extension: (Google Tasks (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0 [2013-10-23]
CHR Extension: (Google Calendar) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0 [2013-10-23]
CHR Extension: (ZenMate for Google Chrome\u2122) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme\3.3_0 [2014-01-14]
CHR Extension: (SENDtoREADER for Google Chrome\u2122) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhdkebeidngpdomidhocbjgjbfbpdbdh\1.0.1_0 [2013-10-23]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.4.2_0 [2013-11-05]
CHR Extension: (1Password) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmbinomkfhmgknkoicejolfdfjeajmk\3.9.21.90_0 [2014-01-14]
CHR Extension: (Google Keep) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14032.121_0 [2014-01-14]
CHR Extension: (Google Play Music) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0 [2013-10-23]
CHR Extension: (Dropbox) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0 [2013-10-23]
CHR Extension: (Google Maps) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0 [2013-10-23]
CHR Extension: (Google Mail Checker) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0 [2013-10-23]
CHR Extension: (Pocket) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.600_0 [2013-10-23]
CHR Extension: (Hangouts) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1211.433.2_0 [2013-12-18]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0 [2013-10-23]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1 [2014-01-08]
CHR Extension: (Outlook.com) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0 [2013-10-23]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-10-23]
==================== Services (Whitelisted) =================
U2 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768784 2013-12-18] (AgileBits)
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)
U2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-09-13] (Intel Corporation)
U3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
U2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
U2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
U2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-02] (AVAST Software)
U1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-24] (AVAST Software)
U0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-24] ()
U1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-02] (AVAST Software)
U1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-02] (AVAST Software)
U3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-02] (AVAST Software)
U0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-02] ()
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
U3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
U3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
U3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-23] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2013-10-23] (NVIDIA Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [x]
U3 uwldypow; \??\C:\Users\Michael\AppData\Local\Temp\uwldypow.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-15 04:34 - 2014-01-15 04:34 - 00020657 _____ C:\Users\Michael\Desktop\FRST.txt
2014-01-15 04:34 - 2014-01-15 04:34 - 00000000 ____D C:\FRST
2014-01-15 04:31 - 2014-01-15 04:32 - 02076160 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-01-15 04:27 - 2014-01-15 04:27 - 00028281 _____ C:\Users\Michael\Desktop\Gmer.txt
2014-01-15 04:05 - 2014-01-15 04:05 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2014-01-15 03:30 - 2014-01-15 03:30 - 00377856 _____ C:\Users\Michael\Desktop\jjtyh8s8.exe
2014-01-15 03:24 - 2014-01-15 04:05 - 00000000 ____D C:\Users\Michael\Documents\AvastPEToolkit
2014-01-15 02:50 - 2014-01-15 02:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-15 02:49 - 2014-01-15 02:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 02:49 - 2014-01-15 02:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-15 02:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-15 01:21 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-01-15 01:21 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-01-15 01:21 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-01-15 01:21 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-01-15 01:21 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-01-15 01:21 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-01-15 01:21 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-01-15 01:21 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-01-15 01:21 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-01-15 01:21 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 01:21 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-01-15 01:21 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-01-15 01:21 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-01-15 01:21 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2014-01-15 01:21 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-01-15 01:21 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2014-01-15 01:21 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-01-15 01:21 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-01-15 01:21 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-01-15 01:20 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-01-15 01:20 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-01-15 01:20 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-01-15 01:20 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-01-15 01:20 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-01-15 01:20 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-01-15 01:20 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-01-15 01:20 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys
2014-01-15 01:20 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2014-01-15 01:20 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-01-15 01:20 - 2013-11-27 11:34 - 00138240 _____ C:\Windows\system32\OEMLicense.dll
2014-01-15 01:20 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-15 01:20 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-01-15 01:20 - 2013-11-27 10:54 - 00103936 _____ C:\Windows\SysWOW64\OEMLicense.dll
2014-01-15 01:20 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-01-15 01:20 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2014-01-15 01:20 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-01-15 01:20 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2014-01-15 01:20 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
2014-01-15 01:20 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 01:20 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-01-15 01:20 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 01:20 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-01-15 01:20 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 01:20 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 01:20 - 2013-11-27 05:01 - 00385614 _____ C:\Windows\system32\ApnDatabase.xml
2014-01-15 01:20 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-01-15 01:20 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-01-15 01:20 - 2013-11-25 02:45 - 00142680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-01-15 01:20 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-01-15 01:20 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-01-15 01:20 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-01-15 01:20 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-01-15 01:20 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-01-15 01:20 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\bi.dll
2014-01-15 01:20 - 2013-11-23 08:13 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2014-01-15 01:20 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-01-15 01:20 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-01-15 01:20 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-01-15 01:20 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\deviceregistration.dll
2014-01-15 01:20 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-01-15 01:20 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-01-15 01:20 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-01-15 01:20 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2014-01-15 01:20 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2014-01-15 01:20 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-01-15 01:20 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-01-15 01:20 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-01-15 01:20 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-01-15 01:07 - 2014-01-15 01:07 - 00005373 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-13 03:59 - 2014-01-13 04:00 - 00032214 _____ C:\Users\Michael\Downloads\base.php
2014-01-13 03:56 - 2014-01-13 03:58 - 00001426 _____ C:\Users\Michael\Downloads\.htaccess
2014-01-13 02:00 - 2014-01-13 11:41 - 00000000 ____D C:\Users\Michael\Downloads\owncloud-6.0.0a
2014-01-13 01:30 - 2014-01-13 02:00 - 58901140 _____ C:\Users\Michael\Downloads\owncloud-6.0.0a.zip
2014-01-12 22:09 - 2014-01-13 01:12 - 00007929 _____ C:\Users\Michael\Downloads\setup-owncloud.php
2014-01-11 16:29 - 2014-01-11 16:29 - 00000000 ____D C:\Program Files (x86)\SDA
2014-01-11 16:28 - 2014-01-11 16:28 - 00000000 ____D C:\Users\Michael\AppData\Local\Downloaded Installations
2014-01-11 14:42 - 2014-01-15 00:53 - 00000000 ____D C:\Users\Michael\Downloads\2013-09-25-wheezy-raspbian
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ____D C:\Users\Michael\Downloads\win32diskimager-v0.9-binary
2014-01-10 00:44 - 2014-01-10 00:45 - 00000000 ____D C:\Users\Michael\Documents\gSyncit
2014-01-09 23:46 - 2014-01-10 00:07 - 00038479 _____ C:\Users\Michael\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2014-01-08 13:49 - 2014-01-12 14:13 - 00000000 ____D C:\Program Files\Recuva
2014-01-05 20:29 - 2014-01-10 20:18 - 00000000 ____D C:\Users\Michael\Downloads\Dani
2014-01-05 20:29 - 2014-01-05 20:29 - 00000000 ____D C:\Users\Michael\Downloads\Eva
2014-01-05 15:39 - 2014-01-05 16:04 - 00000000 ____D C:\Users\Michael\Documents\Benutzerdefinierte Office-Vorlagen
2014-01-05 14:33 - 2014-01-13 22:50 - 00000000 ____D C:\Users\Michael\Desktop\Raspberry Pi
2014-01-05 02:27 - 2014-01-15 00:53 - 00000600 _____ C:\Users\Michael\AppData\Local\PUTTY.RND
2014-01-03 21:17 - 2014-01-03 21:17 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-02 19:44 - 2014-01-02 19:44 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-22 13:12 - 2014-01-07 02:36 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2013-12-21 11:43 - 2013-12-21 11:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\e-academy Inc
2013-12-21 11:43 - 2013-12-21 11:43 - 00000000 ____D C:\Users\Michael\AppData\Local\e-academy Inc
2013-12-18 17:15 - 2013-12-18 17:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\XMedia Recode
2013-12-18 16:31 - 2013-12-18 16:31 - 00000000 ____D C:\Program Files (x86)\XMedia Recode
==================== One Month Modified Files and Folders =======
2014-01-15 04:34 - 2014-01-15 04:34 - 00020657 _____ C:\Users\Michael\Desktop\FRST.txt
2014-01-15 04:34 - 2014-01-15 04:34 - 00000000 ____D C:\FRST
2014-01-15 04:34 - 2013-10-25 21:24 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-15 04:32 - 2014-01-15 04:31 - 02076160 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-01-15 04:27 - 2014-01-15 04:27 - 00028281 _____ C:\Users\Michael\Desktop\Gmer.txt
2014-01-15 04:22 - 2013-10-23 14:29 - 00000000 ___RD C:\Users\Michael\Dropbox
2014-01-15 04:21 - 2013-10-23 09:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Macromedia
2014-01-15 04:15 - 2013-10-23 01:56 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages
2014-01-15 04:07 - 2013-10-23 19:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-15 04:05 - 2014-01-15 04:05 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2014-01-15 04:05 - 2014-01-15 03:24 - 00000000 ____D C:\Users\Michael\Documents\AvastPEToolkit
2014-01-15 04:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2014-01-15 03:30 - 2014-01-15 03:30 - 00377856 _____ C:\Users\Michael\Desktop\jjtyh8s8.exe
2014-01-15 03:23 - 2013-11-08 12:00 - 01997890 _____ C:\Windows\WindowsUpdate.log
2014-01-15 03:16 - 2013-10-23 02:02 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2412235728-2126132841-3062882194-1001
2014-01-15 03:14 - 2013-10-23 01:53 - 01785538 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 03:14 - 2013-08-23 00:24 - 00769220 _____ C:\Windows\system32\perfh007.dat
2014-01-15 03:14 - 2013-08-23 00:24 - 00160448 _____ C:\Windows\system32\perfc007.dat
2014-01-15 03:12 - 2013-11-08 12:01 - 00009685 _____ C:\Windows\setupact.log
2014-01-15 03:11 - 2013-11-16 11:24 - 00005212 _____ C:\Windows\PFRO.log
2014-01-15 03:11 - 2013-11-07 19:11 - 00474448 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 03:11 - 2013-10-25 21:24 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 03:11 - 2013-10-23 14:25 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2014-01-15 03:11 - 2013-10-23 01:58 - 00000000 __RDO C:\Users\Michael\SkyDrive
2014-01-15 03:11 - 2013-10-23 01:56 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-15 03:11 - 2013-10-23 01:56 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-15 03:11 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 03:10 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2014-01-15 03:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2014-01-15 03:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\MediaViewer
2014-01-15 03:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\FileManager
2014-01-15 03:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Camera
2014-01-15 03:10 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2014-01-15 03:10 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Dism
2014-01-15 03:10 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2014-01-15 02:50 - 2014-01-15 02:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-15 02:50 - 2014-01-15 02:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 02:49 - 2014-01-15 02:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-15 01:35 - 2013-10-24 16:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-15 01:22 - 2013-11-14 10:55 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 01:22 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2014-01-15 01:21 - 2013-11-14 10:55 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 01:13 - 2013-10-23 15:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-01-15 01:10 - 2013-10-23 19:45 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-15 01:10 - 2013-10-23 19:45 - 00000000 ____D C:\Users\Michael\AppData\Local\Adobe
2014-01-15 01:07 - 2014-01-15 01:07 - 00005373 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 01:07 - 2013-10-23 02:28 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 01:01 - 2013-10-25 17:58 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-15 00:53 - 2014-01-11 14:42 - 00000000 ____D C:\Users\Michael\Downloads\2013-09-25-wheezy-raspbian
2014-01-15 00:53 - 2014-01-05 02:27 - 00000600 _____ C:\Users\Michael\AppData\Local\PUTTY.RND
2014-01-14 13:43 - 2013-10-24 21:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\gSyncit
2014-01-14 04:36 - 2013-10-25 23:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\FileZilla
2014-01-13 22:50 - 2014-01-05 14:33 - 00000000 ____D C:\Users\Michael\Desktop\Raspberry Pi
2014-01-13 11:41 - 2014-01-13 02:00 - 00000000 ____D C:\Users\Michael\Downloads\owncloud-6.0.0a
2014-01-13 04:00 - 2014-01-13 03:59 - 00032214 _____ C:\Users\Michael\Downloads\base.php
2014-01-13 03:58 - 2014-01-13 03:56 - 00001426 _____ C:\Users\Michael\Downloads\.htaccess
2014-01-13 02:00 - 2014-01-13 01:30 - 58901140 _____ C:\Users\Michael\Downloads\owncloud-6.0.0a.zip
2014-01-13 01:12 - 2014-01-12 22:09 - 00007929 _____ C:\Users\Michael\Downloads\setup-owncloud.php
2014-01-13 00:34 - 2013-10-23 14:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-12 14:13 - 2014-01-08 13:49 - 00000000 ____D C:\Program Files\Recuva
2014-01-11 16:29 - 2014-01-11 16:29 - 00000000 ____D C:\Program Files (x86)\SDA
2014-01-11 16:28 - 2014-01-11 16:28 - 00000000 ____D C:\Users\Michael\AppData\Local\Downloaded Installations
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ____D C:\Users\Michael\Downloads\win32diskimager-v0.9-binary
2014-01-10 23:25 - 2013-10-26 13:36 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2014-01-10 20:18 - 2014-01-05 20:29 - 00000000 ____D C:\Users\Michael\Downloads\Dani
2014-01-10 00:45 - 2014-01-10 00:44 - 00000000 ____D C:\Users\Michael\Documents\gSyncit
2014-01-10 00:07 - 2014-01-09 23:46 - 00038479 _____ C:\Users\Michael\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2014-01-09 23:46 - 2013-10-24 13:52 - 00000000 ____D C:\Users\Michael\Documents\Dateien
2014-01-08 17:50 - 2013-10-23 01:56 - 00000000 ____D C:\Users\Michael
2014-01-07 02:36 - 2013-12-22 13:12 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-05 20:29 - 2014-01-05 20:29 - 00000000 ____D C:\Users\Michael\Downloads\Eva
2014-01-05 16:04 - 2014-01-05 15:39 - 00000000 ____D C:\Users\Michael\Documents\Benutzerdefinierte Office-Vorlagen
2014-01-03 21:17 - 2014-01-03 21:17 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-03 13:11 - 2013-11-12 22:15 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-02 19:44 - 2014-01-02 19:44 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-02 19:44 - 2013-10-24 23:02 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-02 19:44 - 2013-10-24 23:02 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-02 19:44 - 2013-10-24 23:02 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-02 19:44 - 2013-10-24 23:02 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-02 19:44 - 2013-10-24 23:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-02 19:44 - 2013-10-24 23:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-21 11:43 - 2013-12-21 11:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\e-academy Inc
2013-12-21 11:43 - 2013-12-21 11:43 - 00000000 ____D C:\Users\Michael\AppData\Local\e-academy Inc
2013-12-19 13:21 - 2013-10-25 11:39 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Notepad++
2013-12-19 11:58 - 2013-10-23 16:00 - 00000000 ____D C:\Program Files (x86)\1Password
2013-12-18 21:09 - 2013-10-23 02:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-18 21:04 - 2013-10-23 02:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-18 21:04 - 2013-10-23 02:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-18 21:03 - 2013-10-23 02:28 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-18 18:01 - 2013-10-25 23:09 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2013-12-18 17:15 - 2013-12-18 17:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\XMedia Recode
2013-12-18 16:31 - 2013-12-18 16:31 - 00000000 ____D C:\Program Files (x86)\XMedia Recode
2013-12-16 19:07 - 2013-10-23 15:48 - 00000000 ____D C:\Users\Michael\AppData\Local\Google
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\1Password-1.0.9.339.exe
C:\Users\Michael\AppData\Local\Temp\1Password-1.0.9.340.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\Michael\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\Michael\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Michael\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-09 17:01
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014
Ran by Michael at 2014-01-15 04:34:44
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
1Password 1.0.9.340 (x32 Version: 1.0 - AgileBits)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (x32 Version: 4.1.6 - Canon Inc.)
Canon IJ Network Tool (x32 Version: 3.1.1 - Canon Inc.)
Canon MG5200 series MP Drivers (Version: - Canon Inc.)
Canon MP Navigator EX 4.0 (x32 Version: - )
CCleaner (Version: 4.07 - Piriform)
Dell Touchpad (Version: 8.1200.101.209 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
FreeFileSync 5.23 (x32 Version: 5.23 - Zenju)
FRITZ!Box-Fernzugang einrichten (x32 Version: 1.0.3 - AVM Berlin)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (x32 Version: 1.0.15.69 - Google)
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
gSyncit (x32 Version: 3.8.68 - Fieldston Software)
inSSIDer 3 (x32 Version: 3.0.7.48 - MetaGeek, LLC)
Intel(R) Management Engine Components (x32 Version: 7.1.50.1172 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.1000.0494 - Intel Corporation) Hidden
Intel(R) Processor Graphics (x32 Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) WiDi (Version: 4.3.3.0 - Intel Corporation)
Intel® PROSet/Wireless Software (x32 Version: 16.1.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.1000.0235 - Intel Corporation) Hidden
IrfanView (remove only) (x32 Version: 4.36 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
MailStore Home 8.1.0.9075 (x32 Version: 8.1.0.9075 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
Music Manager (HKCU Version: - Google, Inc.)
MyPhoneExplorer (x32 Version: 1.8.5 - F.J. Wechselberger)
Notepad++ (x32 Version: 6.5.2 - Notepad++ Team)
NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA Optimus 9.3.16 (Version: 9.3.16 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.16 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
PDFCreator (x32 Version: 1.7.1 - pdfforge)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Quickset64 (Version: 11.0.24 - Dell Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Recuva (Version: 1.49 - Piriform)
Samsung Magician (x32 Version: 4.2.1 - Samsung Electronics)
SDFormatter (x32 Version: 4.0.0 - SD Association)
Secure Download Manager (x32 Version: 3.1.40 - Kivuto Solutions Inc.)
Skype Web Plugin (x32 Version: 2.3.12417.17599 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
STRATO HiDrive (remove only) (x32 Version: - STRATO AG)
System Requirements Lab for Intel (x32 Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer)
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
VLC media player 2.1.1 (x32 Version: 2.1.1 - VideoLAN)
VR-NetWorld (x32 Version: - )
Windows Deployment Tools (x32 Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (x32 Version: 8.59.25584 - Microsoft)
XMedia Recode Version 3.1.7.6 (x32 Version: 3.1.7.6 - XMedia Recode)
==================== Restore Points =========================
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {341DB6DA-3A12-410E-8A47-B16D83AA94F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-15] (Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {69ED9B3B-CBAB-4DB5-B59D-0C6E81593B7E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-25] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D2F445C-6B53-43BE-B629-1EAA088C95DD} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7FB92059-8A51-4C10-B0B0-B39FD36D37EF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-01-15] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {88BCFD51-DD23-49CD-AF7B-B3F4C489C278} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9C07470D-892F-4BEB-8C7B-A1B5FA3845CF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-02] (AVAST Software)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AD3D9DC2-501E-4E34-B3B3-EA0F9D2477DC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {B4134CF8-B062-4EE3-9099-B1E9A7FA399A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-25] (Google Inc.)
Task: {BFD5C2CE-6C9A-4710-B7D4-E1CE96F8BA81} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-15] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F7222732-5D2C-4256-A38B-E2E3BD4DA699} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2412235728-2126132841-3062882194-1001Core1cef3387b1cc7ba.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-14 20:52 - 2014-01-14 18:11 - 02153984 _____ () C:\Program Files\AVAST Software\Avast\defs\14011401\algo.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-23 16:00 - 2013-04-23 09:59 - 00376832 _____ () C:\Program Files (x86)\1Password\js3215R.dll
2013-10-24 23:02 - 2013-10-24 23:02 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-11 17:46 - 2013-12-11 17:46 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Michael\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Name: Integrated Webcam
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Adapter
Description: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: NVIDIA GeForce GT 525M
Description: NVIDIA GeForce GT 525M
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Could not start eventlog service, could not read events.
Der angeforderte Dienst wurde bereits gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8086.16 MB
Available physical RAM: 5903.11 MB
Total Pagefile: 9366.16 MB
Available Pagefile: 7359.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:214.28 GB) (Free:23.97 GB) NTFS
Drive d: (15 Jan 2014) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 2F11C0D4)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=214 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-15 04:27:28
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e Samsung_SSD_840_PRO_Series rev.DXM05B0Q 238,47GB
Running: jjtyh8s8.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uwldypow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000097500 15 bytes [00, F1, 0F, 02, C0, 1E, 70, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff96000097510 11 bytes [00, 4D, FC, FF, 80, 7C, DF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[540] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\services.exe[596] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\lsass.exe[604] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\svchost.exe[720] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\svchost.exe[776] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[960] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\System32\svchost.exe[976] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\svchost.exe[84] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\svchost.exe[304] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\System32\svchost.exe[828] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1092] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1108] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1244] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1244] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\WLANExt.exe[1244] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\WLANExt.exe[1244] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\WLANExt.exe[1244] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\conhost.exe[1260] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1420] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1420] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\System32\spoolsv.exe[1420] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\System32\spoolsv.exe[1420] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\System32\spoolsv.exe[1420] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\svchost.exe[1476] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1620] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1760] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1812] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1812] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1812] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1812] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1812] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1812] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffeef121f6a 4 bytes [12, EF, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1812] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffeef121f82 4 bytes [12, EF, FE, 7F]
.text C:\Windows\system32\dashost.exe[1828] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe[1908] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2012] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2012] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2012] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2012] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2012] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2068] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2068] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2068] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2068] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2068] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\svchost.exe[2116] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe[2144] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2504] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2504] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2504] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2504] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2504] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2532] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2532] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2532] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2532] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2532] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\wbem\unsecapp.exe[2716] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2812] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2812] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2812] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2812] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2812] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\svchost.exe[2464] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\Explorer.EXE[3792] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\Explorer.EXE[3792] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\Explorer.EXE[3792] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\Explorer.EXE[3792] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\Explorer.EXE[3792] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\system32\taskhostex.exe[3624] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4312] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\System32\skydrive.exe[4504] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\System32\RuntimeBroker.exe[4852] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\System32\rundll32.exe[4820] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\DellTPad\Apoint.exe[3984] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\DellTPad\Apoint.exe[3984] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\DellTPad\Apoint.exe[3984] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\DellTPad\Apoint.exe[3984] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\DellTPad\Apoint.exe[3984] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[5012] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[5012] C:\Windows\system32\PSAPI.dll!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[5012] C:\Windows\system32\PSAPI.dll!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[5012] C:\Windows\system32\PSAPI.dll!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[5012] C:\Windows\system32\PSAPI.dll!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Program Files\DellTPad\Apntex.exe[5044] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\conhost.exe[2776] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\DellTPad\HidFind.exe[3524] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4000] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Program Files\Dell\QuickSet\quickset.exe[4636] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\System32\igfxtray.exe[5132] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[5156] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[5192] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[5192] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffef7a2169a 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[5192] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffef7a216a2 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[5192] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffef7a2181a 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[5192] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffef7a21832 4 bytes [A2, F7, FE, 7F]
.text C:\Windows\System32\SettingSyncHost.exe[4860] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[3488] C:\Windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffef85c977d 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [552:580] fffff960008794d0
Thread C:\Windows\System32\WWAHost.exe [5876:3680] 00007ffef7d85810
Thread C:\Windows\System32\WWAHost.exe [5876:3696] 00007ffef59c0b0c
Thread C:\Windows\System32\WWAHost.exe [5876:3704] 00007ffeefc980ac
Thread C:\Windows\System32\WWAHost.exe [5876:3768] 00007ffef59c05d0
Thread C:\Windows\System32\WWAHost.exe [5876:3676] 00007ffef60965dc
Thread C:\Windows\System32\WWAHost.exe [5876:5888] 00007ffed62bc990
Thread C:\Windows\System32\WWAHost.exe [5876:4716] 00007ffed62befd0
Thread C:\Windows\System32\WWAHost.exe [5876:4180] 00007ffed645210c
Thread C:\Windows\System32\WWAHost.exe [5876:4836] 00007ffed62befd0
Thread C:\Windows\System32\WWAHost.exe [5876:4956] 00007ffed62befd0
Thread C:\Windows\System32\WWAHost.exe [5876:4828] 00007ffef79899b0
Thread C:\Windows\System32\WWAHost.exe [5876:5032] 00007ffef79899b0
Thread C:\Windows\System32\WWAHost.exe [5876:4128] 00007ffed62befd0
Thread C:\Windows\System32\WWAHost.exe [5876:4104] 00007ffee6859894
Thread C:\Windows\System32\WWAHost.exe [5876:4100] 00007ffee6856530
Thread C:\Windows\System32\WWAHost.exe [5876:2796] 00007ffef7d85810
Thread C:\Windows\System32\WWAHost.exe [5876:2944] 00007ffef7d85810
Thread C:\Windows\System32\WWAHost.exe [5876:4736] 00007ffef894cbe4
Thread C:\Windows\System32\WWAHost.exe [5876:2584] 00007ffef7691b54
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration 109
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{19F1DDD9-ED8F-41E2-8428-E920152BDAE7}\Connection@Name isatap.localdomain
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -588879235
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\bc773712da1c
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{19F1DDD9-ED8F-41E2-8428-E920152BDAE7}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{19F1DDD9-ED8F-41E2-8428-E920152BDAE7}@DefunctTimestamp 0x25 0xEE 0xD5 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 7953
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 912
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{D915BB58-5FD3-48B8-9040-DCEA9AB1AFEC} v2.22|Action=Block|Active=TRUE|Dir=In|Name=OICE_15_974FA576_32C1D314_E65|Desc=OICE_15_974FA576_32C1D314_E65|LUOwn=S-1-5-21-2412235728-2126132841-3062882194-1001|AppPkgId=S-1-15-2-3879782533-1573425442-3232146274-3482372062-2431273828-4044745375-2469273983|EmbedCtxt=OICE_15_974FA576_32C1D314_E65|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{5CF38F43-ECA4-431C-81AC-2BA754EC3201} v2.22|Action=Block|Active=TRUE|Dir=Out|Name=OICE_15_974FA576_32C1D314_E65|Desc=OICE_15_974FA576_32C1D314_E65|LUOwn=S-1-5-21-2412235728-2126132841-3062882194-1001|AppPkgId=S-1-15-2-3879782533-1573425442-3232146274-3482372062-2431273828-4044745375-2469273983|EmbedCtxt=OICE_15_974FA576_32C1D314_E65|
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 462
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\Users\Michael\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppHang_Microsoft.SkypeA_b8fbb1ccf546638eb95478d7180d58eca9ecbfb_2b3283d7_cab_0f3104ba
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@FirstLevelConsentDialog 0x76 0x07 0x0D 0x00 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows@UserSelectedDefault 1
---- EOF - GMER 2.1 ----
Avast Startzeit Überprüfung (Die beiden Dateien dürften Fehlfunde sein, handelt sich um Tools zum Handy Rooten): Code:
ATTFilter 01/15/2014 04:45
Prüfung aller lokalen Laufwerke
Datei C:\Daten\2013-02-12 Datensicherung Homepage\tagebuch\ftp\13_02_2013_WebFTP.zip|>typo3conf\ext\tipafriend\doc\manual.sxw|>Pictures\10000000000000A40000003489996C42.png Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Daten\Handy\HTC Legend\Root\htcsupertoolv3.rar|>root\zergRush ist infiziert von ELF:Lootor-X [PUP]
Datei C:\Daten\Handy\HTC Legend\Root\htcsupertoolv3.rar|>htcsupertoolv3\root\zergRush ist infiziert von ELF:Lootor-X [PUP]
Datei C:\Users\Michael\Documents\AvastPEToolkit\a32918368eba6a062aaaaf73e3618131.cab|>file20fd40b36777fc89cb8ce6f44153733|>msil_microsoft.build.resources_b03f5f7f11d50a3a_4.0.9200.16384_sv-se_3461785eaed503e7\microsoft.build.resources.dll Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Users\Michael\Documents\AvastPEToolkit\a32918368eba6a062aaaaf73e3618131.cab|>file20fd40b36777fc89cb8ce6f44153733 Fehler 42127 {CAB-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 41251
Anzahl der geprüften Dateien: 1072127
Anzahl infizierter Dateien: 2
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.14.08 Windows 8 x64 NTFS Internet Explorer 11.0.9600.16476 Michael :: MICHAEL [Administrator] 15.01.2014 02:54:12 mbam-log-2014-01-15 (02-54-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 449680 Laufzeit: 14 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
16.01.2014, 08:34
| #4 |
| /// the machine /// TB-Ausbilder | Hilfe: Avast hat Rootkit hidden files in WinSxS Ordner gefunden Das ist ein Fehlalarm von Avast gewesen, alles gut 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.01.2014, 14:53
| #5 |
| | Hilfe: Avast hat Rootkit hidden files in WinSxS Ordner gefunden Gut zu wissen. Besten Dank! |
|
17.01.2014, 12:33
| #6 |
| /// the machine /// TB-Ausbilder | Hilfe: Avast hat Rootkit hidden files in WinSxS Ordner gefunden Gern Geschehen
__________________ --> Hilfe: Avast hat Rootkit hidden files in WinSxS Ordner gefunden |
|
| Themen zu Hilfe: Avast hat Rootkit hidden files in WinSxS Ordner gefunden |
| amd, anderen, automatisch, avast, beendet, dateien, erneut, file, files, hallo zusammen, infizierte, januar, log, offline, ordner, pagefile.sys, prozess, rootkit, rootkit entfernen, rootkits, swapfile.sys, system, virus, virustotal, windows, zugriff, zugriff verweigert |
Linear-Darstellung
